Packet fragmentation has traditionally been used as part of transmitting data flows in TCP/IP networking. That is, when the size of an Internet Protocol version 4 (IPv4) packet exceeds a particular maximum transmission unit (MTU) of a particular link of a network, a forwarding element of the network (e.g., load balancers, routers, etc.) fragments the packet to two or more smaller packets which can pass through the links with the particular MTU. In response to this challenge, a specific mechanism has been implemented in the IP layer to ensure that the fragmented packets will be reassembled at the destination point. This mechanism employs the Internet Protocol version 4 (IPv4) identification field in the packet's IP header to identify and reassemble the fragmented packets. The IPv4 identification field carries a monotonic incremental value for each IP packet sent by a particular source. When a packet is fragmented, all the fragmented packets will have the same value in their IPv4 identification fields as the original packet. The fragmented packets, however, will have different fragment offsets from each other. Therefore, when the destination point receives the fragmented packets, by looking at the IPv4 identification fields and the offsets of the packets, it would be able to reassemble the fragmented packets to their corresponding original packets.
FIG. 1 illustrates how the IPv4 identification field has been traditionally used in the IP layer for defragmentation of the fragmented packets. The figure shows transmission of packets from a source 110 to a destination 130 through a network 120 at four different points of time T1-T4. At time T1, a packet P(n) has been sent out from the source towards the destination. Packet P(n) has an IP header with different fields. Three of such IP header fields that are shown in the figure are source IP field 140, destination IP field 150, and IPv4 identification field 160. The source IP address of the packet, in this example is A while the destination IP address is B. The IPv4 identification field's value is 12 which shows that at time T1, the packet P(n) is the 12th packet that was sent from the source (assuming that the IPv4 identification field's value for the first packet was 1, and that for each subsequent packet sent from the source, the value of the IPv4 identification field incremented by 1). Lastly, payload field 170 contains the data that is being carried within the packet from source application with source IP address A to the destination application with the destination IP address B.
At time T2, a second packet P(n+1) with the same source and destination IP addresses has been transmitted from the source. As the result, the IPv4 identification field's value is incremented to 13. This stage also shows that the packet P(n) has been fragmented to two fragmented packets P(n(1)) and P(n(2)) each of which having the same IPv4 value (12) as the packet P(n). Also, each fragmented packet carries a portion of the payload of the packet P(n) which are frg1 180 and frg2 190. At time T3, a third packet P(n+2) has been transmitted out from the source that belongs to a different data flow and the value of the IPv4 identification field has continued to increment to 14. At time T4, a fourth packet that belongs to the first data flow has been transmitted and its IPv4 value has continued to increment to 15.
Because the design of the IP suite is based on the end-to-end principle, the network infrastructure is considered inherently unreliable at any single network element or transmission medium. As a consequence of such design, the IP layer only provides best effort delivery and its service is characterized as unreliable. In network architectural language, it is a connectionless protocol, in contrast to connection-oriented modes of transmission. As such, various error conditions such as packet loss, duplication and out-of-order delivery of packets may occur. Therefore, in TCP/IP networking, it is always desirable to perform diagnoses on a data flow to identify such conditions.